Can I Install Third-Party Applications on the API Gateway or Any Other API Management Product?

Document ID : KB000016296
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

It may be desired to install a third-party application for additional functionality on the CA API Gateway appliance.

Examples of such third-party applications/programs/software include (but are not limited to):

  • Monitoring / SNMP agents
    • Nagios
    • Dynatrace
    • SCOM
  • Syslog agents
    • Splunk
    • Elk / Logstash
  • Development or Automation tools
    • Git
    • Ansible
    • Jenkins
  • Security tools
    • Any antivirus or malware detection programs
    • PowerBroker
  • Mail servers
    • Postfix
    • Exim
    • Dovecot
Question:

Can I install a third-party application on my CA API Management product, such as the API Gateway or API Portal?

Environment:
All API Management products, regardless of form factor.
Answer:

Yes, third-party applications may be installed on an API Management product. This does not void the warranty or support agreement.

An official statement on third-party applications is below, along with a list of highlights first. The statements should be well understood and clarification should be requested from CA Support if needed.

  • CA Technologies may request the additional components be removed if it is believed it may be interfering with the normal operations or troubleshooting of the API Management product.
  • Thorough testing should be conducted in non-critical environments (i.e. development or testing) before being promoted to production.
  • CA Technologies is not responsible for the installation of third-party applications, nor for troubleshooting issues related to it, nor for the third-party application itself. Installation of any third-party application is considered to be "at your own risk".
  • Third-party applications may bring additional attack/vulnerability vectors to the product, making it less secure than if it was kept in an "out-of-the-box" state. CA Technologies does not issue updates to third-party applications outside of the dependencies of the API Management product.

Official statement on third-party applications from the CA Technologies API Management team:

When possible, we recommend that you utilize the API Gateway's built-in functionality before installing external applications. When the API Gateway's built-in functionality does not meet your requirements, we permit our customers to install additional applications without terminating or negatively impacting the support agreement between your organization and ours.

As with any change to the API Gateway, we strongly recommend that thorough testing in non-critical environments is carried out before escalating the deployment to more business-critical production systems. Please keep in mind that we may request that this software / application be removed from the system during subsequent support requests where we feel the third-party application may be interfering with the proper operation of the API Gateway.

Lastly, we do not include updates for external applications, tools, or their dependencies in API Gateway patches or platform updates. Upgrading an appliance may cause previously working configurations of your third-party tool to break, and such action would not be supported by CA Technologies. Since we do not provide updates for these external applications, we also do not test them. As such, external applications may create security vulnerabilities in our product that would not be present on a certified API Gateway appliance.

Additional Information: